Identification-dependent communication between vehicles

ABSTRACT

A method and assistance system drawn to identification-dependent communication that takes place between vehicles. The messages to be transmitted are encrypted by cryptographic methods, wherein the necessary keys for the cryptographic methods are stored in vehicle components which are protected from unauthorized removal and installation by means of protection mechanisms. The method and system make it possible to limit standardized broadcasts to a particular group of users.

CROSS REFERENCE TO RELATED APPLICATIONS

This application is the U.S. national phase application of PCTInternational Application No. PCT/EP2008/061696, filed Sep. 4, 2008,which claims priority to German Patent Application No. 10 2007 042031.7, filed Sep. 5, 2007, German Patent Application No. 10 2007 059831.0, filed Dec. 11, 2007, and German Patent Application No. 10 2008045 467.2, filed Sep. 3, 2008, the contents of such applications beingincorporated by reference herein.

FIELD OF THE INVENTION

The invention relates to assistance technology for vehicles. Inparticular, the invention relates to an assistance system for a vehicle,a vehicle having such an assistance system, a method foridentification-dependent communication between vehicles, a programelement and a computer-readable medium.

BACKGROUND OF THE INVENTION

Radio communication between individual vehicles which takes place in theform of a general broadcast involves all the vehicles which are in rangebeing addressed simultaneously. In other words, all the vehicles cancommunicate with all the other vehicles.

If the communication is intended to take place only between certainvehicles, it is possible to select a respective one of the particularvehicles individually. In this case, the communication is then betweenprecisely two vehicles.

If the vehicle-to-vehicle communication is intended to take placebetween a multiplicity of vehicles, however, with some vehicles notbelonging to said group of particular vehicles, it is necessary to findanother solution.

SUMMARY OF THE INVENTION

It is an object of the invention to provide improved vehicle-to-vehiclecommunication.

The invention specifies an assistance system for a vehicle, a vehiclehaving such an assistance system, a method for identification-dependentcommunication between vehicles, a program element and acomputer-readable medium.

The exemplary embodiments described relate in equal measure to theassistance system, the vehicle, the method, the program element and thecomputer-readable medium. In other words, the features subsequentlycited in respect of the assistance system can also be implemented in themethod, the vehicle, the program element or the computer-readablemedium, and vice versa.

In line with one exemplary embodiment of the invention, an assistancesystem for a first vehicle is specified, wherein the assistance systemhas a communication device and also a restriction device. Thecommunication device is used for communication with selectedtransmission and reception devices. These may be vehicles and/or mobiletransmission and reception devices, such as a mobile telephone, whichare adjacent to the first vehicle.

The restriction device is designed to restrict the communication to theselected transmission and reception devices. The restriction device orat least a fundamental portion thereof is integrated in a vehiclecomponent of the assistance system, said vehicle component having aprotection mechanism which protects the vehicle component fromunauthorized removal and installation in the assistance system.

In other words, it is possible for the communication signals to betransmitted as a broadcast and hence, in principle, to be received byall the vehicles which are positioned in range. However, each vehiclecontains a restriction device which ensures that only the vehicles whichhave actually been selected are able to be involved in thecommunication. This selection can be made by the user, for example, orelse by the manufacturer. In particular, the selection can be setexternally by a control center during the operation of the assistancesystem, for example using a radio transmission link.

On the one hand, it is possible for the signal transmitted by thevehicle or mobile appliance to have been modified by the restrictiondevice such that it can be read only by the selected vehicles. This canbe done using an appropriate decryption algorithm, for example, whichencrypts the data to be transmitted such that only selected receiverscan decrypt them. On the other hand, it is alternatively possible forthe data to admittedly be able to be read by any receiver, in principle,but for the restriction device to recognize whether the received dataare intended for the receiver. Only if the restriction device recognizesthat the data are actually intended for this receiver does it releasethe data for further handling or for reproduction.

By way of example, the restriction device may be a piece ofcryptographic software. It is also possible for the restriction deviceto be merely a database with the individual keys for the transmittersand receivers, which are sorted according to different groups, forexample. Naturally, the restriction device may also have an appropriatepiece of hardware which is designed to perform the encryption anddecryption.

As an alternative or in addition to encryption of the data, it is alsopossible for the data to be authenticated, so that the receiver canestablish whether it is the “required” receiver.

In line with the further exemplary embodiment of the invention, theselected transmission and reception devices are assistance systems whichare arranged in vehicles (202) adjacent to the first vehicle (201).

In line with a further exemplary embodiment of the invention, theselected transmission and reception devices have a mobile communicationappliance which is designed to support the assistance system (100).

In line with a further exemplary embodiment of the invention, therestriction device has an encryption device which is designed to encryptdata which are to be transmitted and to decrypt received data, whereinthe keys required for the encryption and decryption are stored in therestriction device.

In line with a further exemplary embodiment of the invention, therestriction device or the keys required for the encryption anddecryption is/are integrated in an ESP controller or in a driverassistance unit. The keys or other software or hardware componentsrequired for handling the data which are to be transmitted or which arereceived may also be integrated in other units, such as in an airbagcontroller, steering electronics, a central chassis controller forperforming driving dynamics tasks, an engine controller, a gearboxcontroller, a suspension and/or shock-absorber controller, a (central)gateway, a driving authorization controller, a controller for am ambientsensor or directly in an ambient sensor, etc.

In this way, it is possible to ensure that the vehicle cannot readily beretrofitted with a corresponding restriction device. This means that itis possible to reduce the risk of misuse.

In line with a further exemplary embodiment of the invention, thevehicle component in which the restriction device is integrated is inthe form of a separate, standalone module.

By way of example, this module can be permanently connected, e.g.welded, to the vehicle frame, for example at a location which isaccessible only with very great difficulty.

In line with a further exemplary embodiment of the invention, theassistance system has an input device which can be used to select thevehicles which are intended to be involved in the communication.

In this way, the user (driver) himself can determine which vehicles areintended to be involved in the communication. By way of example, it ispossible for the driver to create particular user groups between whichhe can select. Each user group is then provided with a dedicated key ora dedicated key pair in order to encrypt and decrypt the messages asappropriate.

In line with a further exemplary embodiment of the invention, theselected vehicles are vehicles from a particular manufacturer, vehiclesin a particular class or vehicles in a particular model.

In line with a further exemplary embodiment of the invention, theselected vehicles are emergency vehicles, rescue vehicles, or arevehicles for short-distance public transport.

The relevant groups of vehicles which are involved can be defined by theactual manufacturer when the assistance system is manufactured.

In line with one exemplary embodiment of the invention, it is notpossible for these groups to be subsequently changed by a user. Thisfurther reduces the risk of misuse.

In line with a further exemplary embodiment of the invention, thecommunication unit is designed for communication using Bluetooth,ZigBee, WLAN, WiMax, DSRC or cellular radio (GPRS, UMTS, LTE, etc.).

It is also possible to use other transmission protocols. The citedprotocols afford the advantage of standardization already having takenplace.

In line with a further exemplary embodiment of the invention, a vehiclehaving an assistance system as described above is specified.

By way of example, the vehicle is a motor vehicle, such as a car, bus orheavy goods vehicle, or else is a rail vehicle, a ship, an aircraft,such as a helicopter or airplane, or is a motor cycle.

In line with a further exemplary embodiment of the invention, a methodfor identification-dependent communication between vehicles or between avehicle and a mobile appliance is specified in which data are receivedfrom a transmitting vehicle or appliance and it is then establishedwhether the transmitting vehicle (or mobile appliance) is a vehicle (ormobile appliance) which belongs to a selected group of vehicles (ormobile appliances). This is established by accessing a vehicle componentof an assistance system in the receiving vehicle, said vehicle componenthaving a protection mechanism which protects the vehicle component fromunauthorized removal and installation in the assistance system.

In line with a further exemplary embodiment of the invention, a methodfor identification-dependent communication between components of avehicle is specified in which data are received from a transmittingcomponent in the vehicle by another component in the vehicle and it isthen established whether the transmitting component is a component whichbelongs to the group of components which are authorized fortransmission. It is therefore possible to establish whether a componenthas been replaced retrospectively (sometimes without authorization).This requires every affected component to have a dedicated restrictionunit. A list of possible components which are suitable for this purposecomprises the aforementioned controllers. By way of example,establishing the above involves accessing a vehicle component of anassistance system in the receiving vehicle, said vehicle componenthaving a protection mechanism which protects the vehicle component fromunauthorized removal and installation in the assistance system.

In line with a further exemplary embodiment of the invention, it isestablished whether the transmitting vehicle is a vehicle which belongsto a selected group of vehicles on the basis of a cryptographic method,wherein the keys required for the cryptographic method are stored in thevehicle component.

In other words, fundamental program elements are integrated or installedin a protected area which cannot readily be replaced or retrofitted.

In line with a further exemplary embodiment of the invention, a programelement is specified which, when executed on the processor, instructsthe processor to perform the method steps specified above.

In this case, the program element may be part of a piece of softwarewhich is stored on a processor in the assistance system, for example.The processor may likewise be the subject matter of the invention. Inaddition, this exemplary embodiment of the invention comprises a programelement which uses the invention right from the outset, and also aprogram element which prompts an existing program to use the inventionby virtue of an update.

In line with a further exemplary embodiment of the invention, acomputer-readable medium is specified which stores the program elementwhich, when executed on a processor, instructs the processor to performthe method steps specified above.

Exemplary embodiments of the invention are described below withreference to the figures.

BRIEF DESCRIPTION OF THE DRAWINGS

The invention is best understood from the following detailed descriptionwhen read in connection with the accompanying drawings. Included in thedrawings is the following figures:

FIG. 1 shows an assistance system based on an exemplary embodiment ofthe invention.

FIG. 2 shows a plurality of vehicles based on a further exemplaryembodiment of the invention.

FIG. 3 shows a flowchart for a method based on a further exemplaryembodiment of the invention.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS

The illustrations in the figures are schematic and not to scale.

In the description of the figures which follows, the same referencenumerals are used for the same or similar elements.

FIG. 1 shows a schematic illustration of components of an assistancesystem 100 which is installed in a vehicle, for example. The assistancesystem 100 has a control unit 140, a communication unit 122 with anantenna 123 and has a restriction device 121.

The data to be transmitted, which are transmitted from the control unit140, which is in the form of a CPU, for example, to the communicationunit 122, are edited by means of the restriction device 121 prior tosending such that they can only be read by particular receivers.

Accordingly, the restriction device 121 is also used to accept receivedmessages and to establish whether they are intended for the respectivevehicle.

In this way, it is possible to allow vehicle-to-vehicle communicationwhich is restricted to particular groups (e.g. to vehicles from onemanufacturer, vehicles in a particular class, or a particular model ofvehicle, etc.). For this purpose, the communication is encrypted bycryptographic methods. The necessary key is stored in vehicle componentswhich cannot readily be replaced. By way of example, these are drivingdynamics systems, such as ESP, EDS, ASR or ABS, which cannot readily beinstalled retrospectively and which are also not readily availableseparately (that is to say are not readily available on the“aftermarket”).

This key also allows certain properties to be restricted to certainvehicles, such as emergency vehicles (rescue vehicles, etc.), vehiclesfor short-distance public transport, etc.

The restriction unit 121 can also be fitted directly between thecommunication unit 122 and the control unit 140. In that case, the keyis still stored in another vehicle component, however. This variant isnot shown for the sake of clarity.

The control unit 140 has an input unit 126 connected to it. The inputunit 126 allows various adjustments to be made for the assistance systemand possibly on a navigation unit 120 which is linked thereto.

In addition, a visual output unit in the form of a monitor 128 isprovided which can be used to output routing information, for example,or else information regarding the group of vehicles which are involved.Furthermore, the routing information can also be output via the audibleoutput unit 127. Output via the audible output unit 127 has theadvantage that the driver is less distracted from what is currentlyhappening in the traffic.

A memory element 124, which is connected to the control unit 140 or isintegrated in the control unit 140, stores the digital map data (e.g. asnavigation map data) in the form of data records. By way of example, thememory element 124 also stores additional information about trafficrestrictions, infrastructure devices and the like in association withthe data records.

In addition, a driver assistance unit 125 is provided which is suppliedwith the digital map data or with other information.

For the purpose of determining the current vehicle position, theassistance system 100 has a navigation unit 120 with a satellitenavigation receiver 106 which is designed to receive positioning signalsfrom Galileo-satellites or GPS satellites, for example. Naturally, thesatellite navigation receiver 106 may also be designed for othersatellite navigation systems.

The satellite navigation receiver 106 is connected to the control unit140. The navigation unit 120 is also connected to the control unit 140.In addition, there is a direct connection between the navigation unit120 and the satellite navigation receiver 106. It is thus possible forthe GPS signals to be transmitted directly to the CPU 140.

Since the positioning signals cannot always be received in city centers,for example, the sensor system 119 of the assistance system 100 also hasa direction sensor 107, a distance sensor 108, a steering wheel anglesensor 109, a spring excursion sensor 102, an ESP sensor system 103 andpossibly an optical detector 104 for the purpose of performing compoundnavigation. It is also possible for a beam sensor 105 (radar sensor orlidar sensor) to be provided. In addition, the sensor system 119 has aspeedometer 101.

The signals from the GPS receiver 106 and from the other sensors arehandled in the control unit 140. The vehicle position ascertained fromsaid signals is aligned with the roadmaps using map matching. Therouting information obtained in this manner is finally output via themonitor 128.

FIG. 2 shows a plurality of vehicles 201, 202, 203 which arerespectively equipped with an assistance system 100. In addition, amobile appliance 205 (mobile telephone, PDA, etc.) is provided which iscarried in the vehicle 201. The three vehicles and the mobile appliance205 can communicate with one another by means of a wirelesscommunication link 204.

Only those vehicles which have an assistance system 100 can be involvedin the communication. In addition, communication is possible only forthose mobile appliances 205 which have suitable authentication, that isto say belong to a selected group. However, even if the vehicle has suchan assistance system 100, it may be excluded from certain communicationif it does not belong to a particular, selected group of vehicles.

This allows vehicle-to-vehicle communication and/or vehicle-to-mobileappliance communication which is restricted to particular groups and isaccessible only to particular groups.

In other words, it is therefore possible to limit standardizedcommunication techniques to a particular group of users.

The keys required for the communication are stored in the relevantvehicle component during the actual manufacture of the assistancesystem.

FIG. 3 shows a flowchart for a method based on an exemplary embodimentof the invention. In step 301, an assistance system in a first vehicleencrypts a message which is to be transmitted using a key which isstored in an ESP controller. In step 302, the message is transmitted inthe form of a broadcast and is received by a plurality of vehicles. Instep 303, the message is decrypted by an assistance system in anadjacent vehicle using a key which is stored in an ESP controller. Instep 304, the received and decrypted message is then forwarded, forexample to the control unit 140.

In addition, it should be pointed out that “comprising” and “having” donot exclude other elements or steps, and “a” or “an” does not exclude alarge number. Furthermore, it should be pointed out that features orsteps which have been described with reference to one of the aboveexemplary embodiments can also be used in combination with otherfeatures or steps from other exemplary embodiments described above.

1. An assistance system for a first vehicle, said assistance systemhaving: a communication device for communication with selectedtransmission and reception devices in other selected vehicles in a groupwith the first vehicle; a restriction device for restricting thecommunication to the selected vehicles in the group using acryptographic key; wherein the restriction device is integrated in anelectronic vehicle component of the assistance system duringmanufacturing of the electronic vehicle component; and wherein theelectronic vehicle component is a driving dynamic system of the firstvehicle.
 2. The assistance system as claimed in claim 1, wherein theselected transmission and reception devices are assistance systems whichare arranged in vehicles proximate to the first vehicle.
 3. Theassistance system as claimed in claim 1, wherein the selectedtransmission and reception devices are a mobile communication appliancewhich is designed to support the assistance system.
 4. The assistancesystem as claimed in claim 1, wherein the restriction device has anencryption device which is designed to encrypt data which are to betransmitted and to decrypt received data; wherein keys required for theencryption and decryption are stored in the restriction device.
 5. Theassistance system as claimed in claim 4, wherein the restriction deviceor the keys required for the encryption and decryption is/are integratedin an ESP controller or in a driver assistance unit.
 6. The assistancesystem as claimed in claim 1, wherein the vehicle component is aseparate, standalone module.
 7. The assistance system as claimed inclaim 1, wherein the assistance system has an input device which isusable to select the vehicles which are involved in the communication.8. The assistance system as claimed in claim 7, wherein the selectedvehicles are vehicles from a particular manufacturer, vehicles in aparticular class, or vehicles in a particular model.
 9. The assistancesystem as claimed in claim 7, wherein the selected vehicles areemergency vehicles, rescue vehicles, or are vehicles for short-distancepublic transport.
 10. The assistance system as claimed in claim 1,wherein the communication unit is designed for communication usingBluetooth, ZigBee, WLAN, WiMax, DSRC or cellular radio.
 11. A vehiclehaving an assistance system as claimed in claim
 1. 12. A method foridentification-dependent communication between vehicles, said methodhaving the following steps: receiving, by a receiver of a first vehicle,data from a transmission and reception device in a second vehicle in agroup with the first vehicle; and restricting, by a restriction devicein the first vehicle, communication between the first vehicle and thesecond vehicle by using a cryptographic key, wherein the restrictiondevice is integrated in an electronic driving dynamic system of thefirst vehicle during manufacturing of the electronic driving dynamicsystem.
 13. A method for identification-dependent communication betweena plurality of components of a vehicle, said method having the followingsteps: receiving data encrypted by a cryptographic key sent by atransmitting electronic driving dynamic component in the vehicle byanother electronic component in the vehicle; and determining whether thetransmitting component is a component which belongs to a group ofselected components which are authorized for transmission based on thecryptographic key, wherein the cryptographic key is integrated in theelectronic driving dynamic component of the vehicle during manufacturingof the electronic driving dynamic component.
 14. The method as claimedin claim 13, further comprising using a cryptographic method todetermine whether the transmitting component is a component whichbelongs to a group of selected components which are authorized fortransmission.
 15. The method as claimed in claim 14, further comprisingstoring keys required for the cryptographic method in the vehiclecomponent.
 16. A non-transitory computer-readable medium which stores aprogram element which, when executed on a processor, instructs theprocessor to perform the following steps: receiving, by a receiver of afirst vehicle, data from a transmission and reception device in a secondvehicle in a group with the first vehicle; and restricting, by arestriction device in the first vehicle, communication between the firstvehicle and the second vehicle by using a cryptographic key, wherein therestriction device is integrated in an electronic driving dynamic systemof the first vehicle during manufacturing of the electronic drivingdynamic system.